-rw-r--r-- | FAQ.include | 1745 |
-rw-r--r-- | Makefile.am | 4 |
2 files changed, 2 insertions, 1747 deletions
diff --git a/FAQ.include b/FAQ.include deleted file mode 100644 index 21fa7d2056..0000000000 --- a/FAQ.include +++ /dev/null 
@@ -1,1745 +0,0 @@ -const char *faq_part[] = { -"\n" -" The Ethereal FAQ\n" -"\n" -" Note: This is just an ASCII snapshot of the faq and may not be up to\n" -" date. Please go to http://www.ethereal.com/faq for the up to\n" -" date version. The version of this snapshot can be found at the\n" -" end of this document.\n" -"\n" -" INDEX\n" -"\n" -" General Questions:\n" -"\n" -" 1.1 Where can I get help?\n" -"\n" -" 1.2 What protocols are currently supported?\n" -"\n" -" 1.3 Are there any plans to support {your favorite protocol}?\n" -"\n" -" 1.4 Can Ethereal read capture files from {your favorite network\n" -" analyzer}?\n" -"\n" -" 1.5 What devices can Ethereal use to capture packets?\n" -"\n" -" 1.6 How do you pronounce Ethereal? Where did the name come from?\n" -"\n" -" Downloading Ethereal:\n" -"\n" -" 2.1 I downloaded the Win32 installer, but when I try to run it, I get\n" -" an error.\n" -"\n" -" 2.2 When I try to download the WinPcap driver and library, I can't get\n" -" to the WinPcap Web site.\n" -"\n" -" Installing Ethereal:\n" -"\n" -" 3.1 I installed an Ethereal RPM, but Ethereal doesn't seem to be\n" -" installed; only Tethereal is installed.\n" -"\n" -" Building Ethereal:\n" -"\n" -" 4.1 The configure script can't find pcap.h or bpf.h, but I have\n" -" libpcap installed.\n" -"\n" -" 4.2 Why do I get the error \n" -"\n" -" dftest_DEPENDENCIES was already defined in condition TRUE, which\n" -" implies condition HAVE_PLUGINS_TRUE\n" -"\n" -" when I try to build Ethereal from CVS or a CVS snapshot?\n" -"\n" -" 4.3 The link fails with a number of \"Output line too long.\" messages\n" -" followed by linker errors. \n" -"\n" -" 4.4 The link fails on Solaris because plugin_list is undefined. \n" -"\n" -" 4.5 The build fails on Windows because of conflicts between winsock.h\n" -" and winsock2.h. 
\n" -"\n" -" Using Ethereal:\n" -"\n" -" 5.1 When I use Ethereal to capture packets, I see only packets to and\n" -" from my machine, or I'm not seeing all the traffic I'm expecting to\n" -" see from or to the machine I'm trying to monitor.\n" -"\n" -" 5.2 I can't see any TCP packets other than packets to and from my\n" -" machine, even though another analyzer on the network sees those\n" -" packets.\n" -"\n" -" 5.3 I'm only seeing ARP packets when I try to capture traffic.\n" -"\n" -" 5.4 How do I put an interface into promiscuous mode?\n" -"\n" -" 5.5 I can set a display filter just fine, but capture filters don't\n" -" work.\n" -"\n" -" 5.6 I'm entering valid capture filters, but I still get \"parse error\"\n" -" errors.\n" -"\n" -" 5.7 I saved a filter and tried to use its name to filter the display,\n" -" but I got an \"Unexpected end of filter string\" error.\n" -"\n" -" 5.8 Why am I seeing lots of packets with incorrect TCP checksums?\n" -"\n" -" 5.9 I've just installed Ethereal, and the traffic on my local LAN is\n" -" boring.\n" -"\n" -" 5.10 When I run Ethereal on Solaris 8, it dies with a Bus Error when I\n" -" start it.\n" -"\n" -" 5.11 When I run Ethereal on Windows NT, it dies with a Dr. Watson\n" -" error, reporting an \"Integer division by zero\" exception, when I start\n" -" it.\n" -"\n" -" 5.12 When I try to run Ethereal, it complains about\n" -" sprint_realloc_objid being undefined.\n" -"\n" -" 5.13 I'm running Ethereal on Linux; why do my time stamps have only\n" -" 100ms resolution, rather than 1us resolution?\n" -"\n" -" 5.14 I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n" -" why are the time stamps on packets wrong? 
\n" -"\n" -" 5.15 When I try to run Ethereal on Windows, it fails to run because it\n" -" can't find packet.dll.\n" -"\n" -" 5.16 I'm running Ethereal on Windows; why does some network interface\n" -" on my machine not show up in the list of interfaces in the\n" -" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n" -" and/or why does Ethereal give me an error if I try to capture on that\n" -" interface? \n" -"\n" -" 5.17 I'm running on a UNIX-flavored OS; why does some network\n" -" interface on my machine not show up in the list of interfaces in the\n" -" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n" -" and/or why does Ethereal give me an error if I try to capture on that\n" -" interface? \n" -"\n" -" 5.18 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n" -" a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n" -" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n" -" packets be sent on or received from that network while I'm trying to\n" -" capture traffic on that interface?\n" -"\n" -" 5.19 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n" -" than one network adapter of the same type; Ethereal shows all of those\n" -" adapters with the same name, but I can't use any of those adapters\n" -" other than the first one.\n" -"\n" -" 5.20 I'm running Ethereal on Windows, and I'm not seeing any traffic\n" -" being sent by the machine running Ethereal.\n" -"\n" -" 5.21 I'm trying to capture traffic but I'm not seeing any.\n" -"\n" -" 5.22 I have an XXX network card on my machine; if I try to capture on\n" -" it, my machine crashes or resets itself. \n" -"\n" -" 5.23 My machine crashes or resets itself when I select \"Start\" from\n" -" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n" -"\n" -" 5.24 Does Ethereal work on Windows ME? \n" -"\n" -" 5.25 Does Ethereal work on Windows XP? 
\n" -"\n" -" 5.26 Why doesn't Ethereal correctly identify RTP packets? It shows\n" -" them only as UDP.\n" -"\n" -" 5.27 Why doesn't Ethereal show Yahoo Messenger packets in captures\n" -" that contain Yahoo Messenger traffic?\n" -"\n" -" 5.28 Why do I get the error \n" -"\n" -" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n" -" Windows.\n" -" aborting....\n" -"\n" -" when I try to run Ethereal on Windows?\n" -"\n" -" 5.29 When I capture on Windows in promiscuous mode, I can see packets\n" -" other than those sent to or from my machine; however, those packets\n" -" show up with a \"Short Frame\" indication, unlike packets to or from my\n" -" machine. What should I do to arrange that I see those packets in their\n" -" entirety? \n" -"\n" -" 5.30 How can I capture raw 802.11 packets, including non-data\n" -" (management, beacon) packets? \n" -"\n" -" 5.31 How can I capture packets with CRC errors? \n" -"\n" -" 5.32 How can I capture entire frames, including the FCS? \n" -"\n" -" 5.33 Ethereal hangs after I stop a capture. \n" -"\n" -" 5.34 How can I search for, or filter, packets that have a particular\n" -" string anywhere in them? \n" -"\n" -" GENERAL QUESTIONS \n" -" Q 1.1: Where can I get help?\n" -"\n" -" A: Support is available on the ethereal-users mailing list.\n" -" Subscription information and archives for all of Ethereal's mailing\n" -" lists can be found at http://www.ethereal.com/lists\n" -"\n" -" Q 1.2: What protocols are currently supported?\n" -"\n" -" A: There are currently 393 supported protocols and media, listed\n" -" below. 
Descriptions can be found in the ethereal(1) man page.\n" -"\n" -" 802.1q Virtual LAN\n" -" 802.1x Authentication\n" -" AFS (4.0) Replication Server call declarations\n" -" AOL Instant Messenger\n" -" ARCNET\n" -" ATM\n" -" ATM AAL1\n" -" ATM AAL3/4\n" -" ATM LAN Emulation\n" -" ATM OAM AAL\n" -" AVS WLAN Capture header\n" -" Ad hoc On-demand Distance Vector Routing Protocol\n" -" Address Resolution Protocol\n" -" Aggregate Server Access Protocol\n" -" Alert Standard Forum\n" -" Andrew File System (AFS)\n" -" Apache JServ Protocol v1.3\n" -" AppleTalk Filing Protocol\n" -" AppleTalk Session Protocol\n" -" AppleTalk Transaction Protocol packet\n" -" Appletalk Address Resolution Protocol\n" -" Application Configuration Access Protocol\n" -" Async data over ISDN (V.120)\n" -" Authentication Header\n" -" BACnet Virtual Link Control\n" -" Banyan Vines ARP\n" -" Banyan Vines Echo\n" -" Banyan Vines Fragmentation Protocol\n" -" Banyan Vines ICP\n" -" Banyan Vines IP\n" -" Banyan Vines IPC\n" -" Banyan Vines LLC\n" -" Banyan Vines RTP\n" -" Banyan Vines SPP\n" -" Blocks Extensible Exchange Protocol\n" -" Boardwalk\n" -" Boot Parameters\n" -" Bootstrap Protocol\n" -" Border Gateway Protocol\n" -" Building Automation and Control Network APDU\n" -" Building Automation and Control Network NPDU\n" -" CDS Clerk Server Calls\n" -" Check Point High Availability Protocol\n" -" Checkpoint FW-1\n" -" Cisco Auto-RP\n" -" Cisco Discovery Protocol\n" -" Cisco Group Management Protocol\n" -" Cisco HDLC\n" -" Cisco Hot Standby Router Protocol\n" -" Cisco ISL\n" -" Cisco Interior Gateway Routing Protocol\n" -" Cisco NetFlow\n" -" Cisco SLARP\n" -" Clearcase NFS\n" -" CoSine IPNOS L2 debug output\n" -" Common Open Policy Service\n" -" Common Unix Printing System (CUPS) Browsing Protocol\n" -" DCE DFS Calls\n" -" DCE Distributed Time Service Local Server\n" -" DCE Distributed Time Service Provider\n" -" DCE Name Service\n" -" DCE RPC\n" -" DCE Security ID Mapper\n" -" DCE/RPC BOS Server\n" 
-" DCE/RPC CDS Solicitation\n" -" DCE/RPC Conversation Manager\n" -" DCE/RPC Endpoint Mapper\n" -" DCE/RPC FLDB\n" -" DCE/RPC FLDB UBIK TRANSFER\n" -" DCE/RPC FLDB UBIKVOTE\n" -" DCE/RPC Kerberos V\n" -" DCE/RPC RS_ACCT\n" -" DCE/RPC RS_MISC\n" -" DCE/RPC RS_UNIX\n" -" DCE/RPC Remote Management\n" -" DCE/RPC Repserver Calls\n" -" DCE/RPC TokenServer Calls\n" -" DCE/RPC UpServer\n" -" DCOM OXID Resolver\n" -" DCOM Remote Activation\n" -" DEC Spanning Tree Protocol\n" -" DHCPv6\n" -" DNS Control Program Server\n" -" Data\n" -" Data Link SWitching\n" -" Data Stream Interface\n" -" Datagram Delivery Protocol\n" -" Diameter Protocol\n" -" Distance Vector Multicast Routing Protocol\n" -" Distcc Distributed Compiler\n" -" Distributed Checksum Clearinghouse Prototocl\n" -" Domain Name Service\n" -" Dynamic DNS Tools Protocol\n" -" Echo\n" -" Encapsulating Security Payload\n" -" Enhanced Interior Gateway Routing Protocol\n" -" EtherNet/IP (Industrial Protocol)\n" -" Ethernet\n" -" Ethernet over IP\n" -" Extensible Authentication Protocol\n" -" FC Extended Link Svc\n" -" FC Fabric Configuration Server\n" -" FCIP\n" -" FTP Data\n" -" FTServer Operations\n" -" Fiber Distributed Data Interface\n" -" Fibre Channel\n" -" Fibre Channel Common Transport\n" -" Fibre Channel Fabric Zone Server\n" -" Fibre Channel Name Server\n" -" Fibre Channel Protocol for SCSI\n" -" Fibre Channel SW_ILS\n" -" File Transfer Protocol (FTP)\n" -" Financial Information eXchange Protocol\n" -" Frame\n" -" Frame Relay\n" -" GARP Multicast Registration Protocol\n" -" GARP VLAN Registration Protocol\n" -" GPRS Tunneling Protocol\n" -" GPRS Tunnelling Protocol v0\n" -" GPRS Tunnelling Protocol v1\n" -" General Inter-ORB Protocol\n" -" Generic Routing Encapsulation\n" -" Generic Security Service Application Program Interface\n" -" Gnutella Protocol\n" -" H245\n" -" HP Extended Local-Link Control\n" -" HP Remote Maintenance Protocol\n" -" Hummingbird NFS Daemon\n" -" HyperSCSI\n" -" Hypertext Transfer 
Protocol\n" -" ICQ Protocol\n" -" IEEE 802.11 wireless LAN\n" -" IEEE 802.11 wireless LAN management frame\n" -" ILMI\n" -" IP Over FC\n" -" IP Payload Compression\n" -" IPX Message\n" -" IPX Routing Information Protocol\n" -" IPX WAN\n" -" ISDN\n" -" ISDN Q.921-User Adaptation Layer\n" -" ISDN User Part\n" -" ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol\n" -" ISO 8073 COTP Connection-Oriented Transport Protocol\n" -" ISO 8473 CLNP ConnectionLess Network Protocol\n" -" ISO 8602 CLTP ConnectionLess Transport Protocol\n" -" ISO 9542 ESIS Routeing Information Exchange Protocol\n" -" ITU-T Recommendation H.261\n" -" InMon sFlow\n" -" Intel ANS probe\n" -" Intelligent Platform Management Interface\n" -" Inter-Access-Point Protocol\n" -" Interbase\n" -" Internet Cache Protocol\n" -" Internet Content Adaptation Protocol\n" -" Internet Control Message Protocol\n" -" Internet Control Message Protocol v6\n" -" Internet Group Management Protocol\n" -" Internet Message Access Protocol\n" -" Internet Printing Protocol\n" -" Internet Protocol\n" -" Internet Protocol Version 6\n" -" Internet Relay Chat\n" -" Internet Security Association and Key Management Protocol\n" -" Internetwork Packet eXchange\n" -" Jabber XML Messaging\n" -" Java RMI\n" -" Java Serialization\n" -" Kerberos\n" -" Kerberos Administration\n" -" Kernel Lock Manager\n" -" Label Distribution Protocol\n" -" Layer 2 Tunneling Protocol\n" -" Lightweight Directory Access Protocol\n" -" Line Printer Daemon Protocol\n" -" Link Access Procedure Balanced (LAPB)\n" -" Link Access Procedure Balanced Ethernet (LAPBETHER)\n" -" Link Access Procedure, Channel D (LAPD)\n" -" Link Aggregation Control Protocol\n" -" Link Management Protocol (LMP)\n" -" Linux cooked-mode capture\n" -" Local Management Interface\n" -" LocalTalk Link Access Protocol\n" -" Logical-Link Control\n" -" Lucent/Ascend debug output\n" -" MDS Header\n" -" MMS Message Encapsulation\n" -" MS Proxy Protocol\n" -" MSN Messenger 
Service\n" -" MSNIP: Multicast Source Notification of Interest Protocol\n" -" MTP 2 Transparent Proxy\n" -" MTP 2 User Adaptation Layer\n" -" MTP 3 User Adaptation Layer\n" -" MTP2 Peer Adaptation Layer\n" -" Message Transfer Part Level 2\n" -" Message Transfer Part Level 3\n" -" Message Transfer Part Level 3 Management\n" -" Microsoft Distributed File System\n" -" Microsoft Exchange MAPI\n" -" Microsoft Local Security Architecture\n" -" Microsoft Local Security Architecture (Directory Services)\n" -" Microsoft Messenger Service\n" -" Microsoft Network Logon\n" -" Microsoft Registry\n" -" Microsoft Security Account Manager\n" -" Microsoft Server Service\n" -" Microsoft Service Control\n" -" Microsoft Spool Subsystem\n" -" Microsoft Task Scheduler Service\n" -" Microsoft Telephony API Service\n" -" Microsoft Windows Browser Protocol\n" -" Microsoft Windows Lanman Remote API Protocol\n" -, - -" Microsoft Windows Logon Protocol\n" -" Microsoft Workstation Service\n" -" Mobile IP\n" -" Mobile IPv6\n" -" Modbus/TCP\n" -" Mount Service\n" -" MultiProtocol Label Switching Header\n" -" Multicast Router DISCovery protocol\n" -" Multicast Source Discovery Protocol\n" -" MySQL Protocol\n" -" NFSACL\n" -" NFSAUTH\n" -" NIS+\n" -" NIS+ Callback\n" -" NSPI\n" -" NTLM Secure Service Provider\n" -" Name Binding Protocol\n" -" Name Management Protocol over IPX\n" -" NetBIOS\n" -" NetBIOS Datagram Service\n" -" NetBIOS Name Service\n" -" NetBIOS Session Service\n" -" NetBIOS over IPX\n" -" NetWare Core Protocol\n" -" NetWare Link Services Protocol\n" -" Network Data Management Protocol\n" -" Network File System\n" -" Network Lock Manager Protocol\n" -" Network News Transfer Protocol\n" -" Network Status Monitor CallBack Protocol\n" -" Network Status Monitor Protocol\n" -" Network Time Protocol\n" -" Novell Distributed Print System\n" -" Null/Loopback\n" -" Open Shortest Path First\n" -" OpenBSD Encapsulating device\n" -" OpenBSD Packet Filter log file\n" -" OpenBSD Packet Filter log 
file, pre 3.4\n" -" PC NFS\n" -" PPP Bandwidth Allocation Control Protocol\n" -" PPP Bandwidth Allocation Protocol\n" -" PPP CDP Control Protocol\n" -" PPP Callback Control Protocol\n" -" PPP Challenge Handshake Authentication Protocol\n" -" PPP Compressed Datagram\n" -" PPP Compression Control Protocol\n" -" PPP IP Control Protocol\n" -" PPP IPv6 Control Protocol\n" -" PPP Link Control Protocol\n" -" PPP MPLS Control Protocol\n" -" PPP Multilink Protocol\n" -" PPP Multiplexing\n" -" PPP Password Authentication Protocol\n" -" PPP VJ Compression\n" -" PPP-over-Ethernet Discovery\n" -" PPP-over-Ethernet Session\n" -" PPPMux Control Protocol\n" -" Packet Encoding Rules (ASN.1 X.691)\n" -" Point-to-Point Protocol\n" -" Point-to-Point Tunnelling Protocol\n" -" Portmap\n" -" Post Office Protocol\n" -" Pragmatic General Multicast\n" -" Prism\n" -" Privilege Server operations\n" -" Protocol Independent Multicast\n" -" Q.2931\n" -" Q.931\n" -" Quake II Network Protocol\n" -" Quake III Arena Network Protocol\n" -" Quake Network Protocol\n" -" QuakeWorld Network Protocol\n" -" Qualified Logical Link Control\n" -" RFC 2250 MPEG1\n" -" RIPng\n" -" RPC Browser\n" -" RSTAT\n" -" RSYNC File Synchroniser\n" -" RX Protocol\n" -" Radio Access Network Application Part\n" -" Radius Protocol\n" -" Raw packet data\n" -" Real Time Streaming Protocol\n" -" Real-Time Transport Protocol\n" -" Real-time Transport Control Protocol\n" -" Registry Server Attributes Manipulation Interface\n" -" Registry server administration operations.\n" -" Remote Management Control Protocol\n" -" Remote Override interface\n" -" Remote Procedure Call\n" -" Remote Program Load\n" -" Remote Quota\n" -" Remote Shell\n" -" Remote Wall protocol\n" -" Remote sec_login preauth interface.\n" -" Resource ReserVation Protocol (RSVP)\n" -" Rlogin Protocol\n" -" Routing Information Protocol\n" -" Routing Table Maintenance Protocol\n" -" SADMIND\n" -" SCSI\n" -" SGI Mount Service\n" -" SMB (Server Message Block Protocol)\n" 
-" SMB MailSlot Protocol\n" -" SMB Pipe Protocol\n" -" SNA-over-Ethernet\n" -" SNMP Multiplex Protocol\n" -" SPNEGO-KRB5\n" -" SPRAY\n" -" SS7 SCCP-User Adaptation Layer\n" -" SSCOP\n" -" SSH Protocol\n" -" Secure Socket Layer\n" -" Sequenced Packet eXchange\n" -" Service Advertisement Protocol\n" -" Service Location Protocol\n" -" Session Announcement Protocol\n" -" Session Description Protocol\n" -" Session Initiation Protocol\n" -" Short Message Peer to Peer\n" -" Signalling Connection Control Part\n" -" Signalling Connection Control Part Management\n" -" Simple Mail Transfer Protocol\n" -" Simple Network Management Protocol\n" -" Sinec H1 Protocol\n" -" Skinny Client Control Protocol\n" -" SliMP3 Communication Protocol\n" -" Socks Protocol\n" -" Spanning Tree Protocol\n" -" Spnego\n" -" Stream Control Transmission Protocol\n" -" Synchronous Data Link Control (SDLC)\n" -" Syslog message\n" -" Systems Network Architecture\n" -" Systems Network Architecture XID\n" -" TACACS\n" -" TACACS+\n" -" TPKT\n" -" Tabular Data Stream\n" -" Tazmen Sniffer Protocol\n" -" Telnet\n" -" Time Protocol\n" -" Time Synchronization Protocol\n" -" Token-Ring\n" -" Token-Ring Media Access Control\n" -" Transmission Control Protocol\n" -" Transparent Network Substrate Protocol\n" -" Trivial File Transfer Protocol\n" -" UDP Encapsulation of IPsec Packets\n" -" Universal Computer Protocol\n" -" User Datagram Protocol\n" -" Virtual Router Redundancy Protocol\n" -" Virtual Trunking Protocol\n" -" WAP Binary XML\n" -" Web Cache Coordination Protocol\n" -" Wellfleet Breath of Life\n" -" Wellfleet Compression\n" -" Wellfleet HDLC\n" -" Who\n" -" Windows 2000 DNS\n" -" Wireless Session Protocol\n" -" Wireless Transaction Protocol\n" -" Wireless Transport Layer Security\n" -" X Display Manager Control Protocol\n" -" X.25\n" -" X.25 over TCP\n" -" X.29\n" -" X11\n" -" Xyplex\n" -" Yahoo Messenger Protocol\n" -" Yahoo YMSG Messenger Protocol\n" -" Yellow Pages Bind\n" -" Yellow Pages Passwd\n" -" 
Yellow Pages Service\n" -" Yellow Pages Transfer\n" -" Zebra Protocol\n" -" Zone Information Protocol\n" -" eDonkey Protocol\n" -" iSCSI\n" -" iSNS\n" -"\n" -" Q 1.3: Are there any plans to support {your favorite protocol}?\n" -"\n" -" A: Support for particular protocols is added to Ethereal as a result\n" -" of people contributing that support; no formal plans for adding\n" -" support for particular protocols in particular future releases exist.\n" -"\n" -" Q 1.4: Can Ethereal read capture files from {your favorite network\n" -" analyzer}?\n" -"\n" -" A: Support for particular protocols is added to Ethereal as a result\n" -" of people contributing that support; no formal plans for adding\n" -" support for particular protocols in particular future releases exist.\n" -"\n" -" If a network analyzer writes out files in a format already supported\n" -" by Ethereal (e.g., in libpcap format), Ethereal may already be able to\n" -" read them, unless the analyzer has added its own proprietary\n" -" extensions to that format.\n" -"\n" -" If a network analyzer writes out files in its own format, or has added\n" -" proprietary extensions to another format, in order to make Ethereal\n" -" read captures from that network analyzer, we would either have to have\n" -" a specification for the file format, or the extensions, sufficient to\n" -" give us enough information to read the parts of the file relevant to\n" -" Ethereal, or would need at least one capture file in that format AND a\n" -" detailed textual analysis of the packets in that capture file (showing\n" -" packet time stamps, packet lengths, and the top-level packet header)\n" -" in order to reverse-engineer the file format.\n" -"\n" -" Note that there is no guarantee that we will be able to\n" -" reverse-engineer a capture file format.\n" -"\n" -" Q 1.5: What devices can Ethereal use to capture packets?\n" -"\n" -" A: Ethereal can read live data from Ethernet, Token-Ring, FDDI, serial\n" -" (PPP and SLIP) (if the OS on 
which it's running allows Ethereal to do\n" -" so), 802.11 wireless LAN (if the OS on which it's running allows\n" -" Ethereal to do so), ATM connections (if the OS on which it's running\n" -" allows Ethereal to do so), and the \"any\" device supported on Linux by\n" -" recent versions of libpcap. See the list of supported capture media on\n" -" various OSes for details (several items in there say \"Unknown\", which\n" -" doesn't mean \"Ethereal can't capture on them\", it means \"we don't know\n" -" whether it can capture on them\"; we expect that it will be able to\n" -" capture on many of them, but we haven't tried it ourselves - if you\n" -" try one of those types and it works, please send an update to\n" -" ethereal-web[AT]ethereal.com).\n" -"\n" -" It can also read a variety of capture file formats, including:\n" -" * libpcap/tcpdump\n" -" * Sun snoop/atmsnoop\n" -" * Shomiti/Finisar Surveyor\n" -" * LanAlyzer\n" -" * DOS-based Sniffer (compressed and uncompressed)\n" -" * MS Network Monitor\n" -" * AIX iptrace\n" -" * NetXray and Windows-based Sniffer\n" -" * EtherPeek/TokenPeek/AiroPeek\n" -" * RADCOM WAN/LAN analyzer\n" -" * Lucent/Ascend debug output\n" -" * Toshiba ISDN router \"snoop\" output\n" -" * HPUX nettl\n" -" * ISDN4BSD \"i4btrace\" utility.\n" -" * Cisco Secure IDS\n" -" * pppd log files (pppdump format)\n" -" * VMS TCPIPtrace\n" -" * DBS Etherwatch\n" -" * Visual Networks' Visual UpTime\n" -" * CoSine L2 debug\n" -"\n" -" so that it can read traces from various network types, as captured by\n" -" other applications or equipment, even if it cannot itself capture on\n" -" those network types.\n" -"\n" -" Q 1.6: How do you pronounce Ethereal? 
Where did the name come from?\n" -"\n" -" A: The English pronunciation can be found in Merriam-Webster's online\n" -" dictionary at\n" -" http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=ethereal.\n" -"\n" -" According to the book \"Computer Networks\" by Andrew Tannenbaum,\n" -" Ethernet was named after the \"luminiferous ether\" which was once\n" -" thought to carry electromagnetic radiation. Taking that into\n" -" consideration, Ethereal seemed like an appropriate name for an\n" -" Ethernet analyzer.\n" -"\n" -" DOWNLOADING ETHEREAL \n" -" Q 2.1: I downloaded the Win32 installer, but when I try to run it, I\n" -" get an error.\n" -"\n" -" A: The program you used to download it may have downloaded it\n" -" incorrectly. Web browsers sometimes may do this.\n" -"\n" -" Try downloading it with, for example:\n" -" * Wget, for which Windows binaries are available on the SunSITE FTP\n" -" server at sunsite.tk or Heiko Herold's windows wget spot - wGetGUI\n" -" offers a GUI interface that uses wget;\n" -" * WS_FTP from Ipswitch,\n" -" * the ftp command that comes with Windows.\n" -"\n" -" If you use the ftp command, make sure you do the transfer in binary\n" -" mode rather than ASCII mode, by using the binary command before\n" -" transferring the file.\n" -"\n" -" Q 2.2: When I try to download the WinPcap driver and library, I can't\n" -" get to the WinPcap Web site.\n" -"\n" -" A: As is the case with all Web sites, that site won't necessarily\n" -" always be accessible; the server may be down due to a problem or down\n" -" for maintenance, or there may be a networking problem between you and\n" -" the server. 
You should try again later, or try the local mirror or the\n" -" Wiretapped.net mirror.\n" -"\n" -" INSTALLING ETHEREAL \n" -" Q 3.1: I installed an Ethereal RPM, but Ethereal doesn't seem to be\n" -" installed; only Tethereal is installed.\n" -"\n" -" A: Red Hat RPMs for Ethereal put only the non-GUI components into the\n" -" ethereal RPM, the fact that Ethereal is a GUI program nonwithstanding;\n" -" there's a separate ethereal-gnome RPM that includes GUI components\n" -" such as Ethereal itself, the fact that Ethereal doesn't use GNOME\n" -" nonwithstanding. Find the ethereal-gnome RPM, and install that also.\n" -"\n" -" BUILDING ETHEREAL \n" -" Q 4.1: The configure script can't find pcap.h or bpf.h, but I have\n" -" libpcap installed.\n" -"\n" -" A: Are you sure pcap.h and bpf.h are installed? The official\n" -" distribution of libpcap only installs the libpcap.a library file when\n" -" \"make install\" is run. To install pcap.h and bpf.h, you must run \"make\n" -" install-incl\". If you're running Debian or Redhat, make sure you have\n" -" the \"libpcap-dev\" or \"libpcap-devel\" packages installed.\n" -"\n" -" It's also possible that pcap.h and bpf.h have been installed in a\n" -" strange location. If this is the case, you may have to tweak\n" -" aclocal.m4.\n" -"\n" -" Q 4.2: Why do I get the error \n" -"\n" -" dftest_DEPENDENCIES was already defined in condition TRUE, which\n" -" implies condition HAVE_PLUGINS_TRUE\n" -"\n" -" when I try to build Ethereal from CVS or a CVS snapshot?\n" -"\n" -" A: You probably have automake 1.5 installed on your machine (the\n" -" command automake --version will report the version of automake on your\n" -" machine). There is a bug in that version of automake that causes this\n" -" problem; upgrade to a later version of automake (1.6 or later).\n" -"\n" -" Q 4.3: The link fails with a number of \"Output line too long.\"\n" -" messages followed by linker errors. 
\n" -"\n" -" A: The version of the sed command on your system is incapable of\n" -" handling very long lines. On Solaris, for example, /usr/bin/sed has a\n" -" line length limit too low to allow libtool to work; /usr/xpg4/bin/sed\n" -" can handle it, as can GNU sed if you have it installed.\n" -"\n" -" On Solaris, changing your command search path to search /usr/xpg4/bin\n" -" before /usr/bin should make the problem go away; on any platform on\n" -" which you have this problem, installing GNU sed and changing your\n" -" command path to search the directory in which it is installed before\n" -" searching the directory with the version of sed that came with the OS\n" -" should make the problem go away.\n" -"\n" -" Q 4.4: The link fails on Solaris because plugin_list is undefined. \n" -"\n" -" A: This appears to be due to a problem with some versions of the GTK+\n" -" and GLib packages from www.sunfreeware.org; un-install those packages,\n" -" and try getting the 1.2.10 versions from that site, or the versions\n" -" from The Written Word, or the versions from Sun's GNOME distribution,\n" -" or the versions from the supplemental software CD that comes with the\n" -" Solaris media kit, or build them from source from the GTK Web site.\n" -" Then re-run the configuration script, and try rebuilding Ethereal. (If\n" -" you get the 1.2.10 versions from www.sunfreeware.org, and the problem\n" -" persists, un-install them and try installing one of the other versions\n" -" mentioned.)\n" -"\n" -" Q 4.5: The build fails on Windows because of conflicts between\n" -" winsock.h and winsock2.h. \n" -"\n" -" A: As of Ethereal 0.9.5, you must install WinPcap 2.3 or later, and\n" -" the corresponding version of the developer's pack, in order to be able\n" -" to compile Ethereal; it will not compile with older versions of the\n" -" developer's pack. 
The symptoms of this failure are conflicts between\n" -" definitions in winsock.h and in winsock2.h; Ethereal uses winsock2.h,\n" -" but pre-2.3 versions of the WinPcap developer's packet use winsock.h.\n" -" (2.3 uses winsock2.h, so if Ethereal were to use winsock.h, it would\n" -" not be able to build with current versions of the WinPcap developer's\n" -" pack.)\n" -"\n" -" Note that the installed version of the developer's pack should be the\n" -" same version as the version of WinPcap you have installed.\n" -"\n" -" USING ETHEREAL \n" -" Q 5.1: When I use Ethereal to capture packets, I see only packets to\n" -" and from my machine, or I'm not seeing all the traffic I'm expecting\n" -" to see from or to the machine I'm trying to monitor.\n" -"\n" -" A: This might be because the interface on which you're capturing is\n" -" plugged into a switch; on a switched network, unicast traffic between\n" -" two ports will not necessarily appear on other ports - only broadcast\n" -" and multicast traffic will be sent to all ports.\n" -"\n" -" Note that even if your machine is plugged into a hub, the \"hub\" may be\n" -" a switched hub, in which case you're still on a switched network.\n" -"\n" -" Note also that on the Linksys Web site, they say that their\n" -" auto-sensing hubs \"broadcast the 10Mb packets to the port that operate\n" -" at 10Mb only and broadcast the 100Mb packets to the ports that operate\n" -" at 100Mb only\", which would indicate that if you sniff on a 10Mb port,\n" -" you will not see traffic coming sent to a 100Mb port, and vice versa.\n" -" This problem has also been reported for Netgear dual-speed hubs, and\n" -" may exist for other \"auto-sensing\" or \"dual-speed\" hubs.\n" -"\n" -" Some switches have the ability to replicate all traffic on all ports\n" -" to a single port so that you can plug your analyzer into that single\n" -" port to sniff all traffic. 
You would have to check the documentation\n" -" for the switch to see if this is possible and, if so, to see how to do\n" -" this. See, for example:\n" -" * this documentation from Cisco on the Switched Port Analyzer (SPAN)\n" -" feature on Catalyst switches;\n" -, - -" * documentation from HP on how to set \"monitoring\"/\"mirroring\" on\n" -" ports on the console for HP Advancestack Switch 208 and 224;\n" -" * the \"Network Monitoring Port Features\" section of chapter 6 of\n" -" documentation from HP for HP ProCurve Switches 1600M, 2424M,\n" -" 4000M, and 8000M.\n" -"\n" -" Note also that many firewall/NAT boxes have a switch built into them;\n" -" this includes many of the \"cable/DSL router\" boxes. If you have a box\n" -" of that sort, that has a switch with some number of Ethernet ports\n" -" into which you plug machines on your network, and another Ethernet\n" -" port used to connect to a cable or DSL modem, you can, at least, sniff\n" -" traffic between the machines on your network and the Internet by\n" -" plugging the Ethernet port on the router going to the modem, the\n" -" Ethernet port on the modem, and the machine on which you're running\n" -" Ethereal into a hub (make sure it's not a switching hub, and that, if\n" -" it's a dual-speed hub, all three of those ports are running at the\n" -" same speed.\n" -"\n" -" If your machine is not plugged into a switched network or a dual-speed\n" -" hub, or it is plugged into a switched network but the port is set up\n" -" to have all traffic replicated to it, the problem might be that the\n" -" network interface on which you're capturing doesn't support\n" -" \"promiscuous\" mode, or because your OS can't put the interface into\n" -" promiscuous mode. 
Normally, network interfaces supply to the host\n" -" only:\n" -" * packets sent to one of that host's link-layer addresses;\n" -" * broadcast packets;\n" -" * multicast packets sent to a multicast address that the host has\n" -" configured the interface to accept.\n" -"\n" -" Most network interfaces can also be put in \"promiscuous\" mode, in\n" -" which they supply to the host all network packets they see. Ethereal\n" -" will try to put the interface on which it's capturing into promiscuous\n" -" mode unless the \"Capture packets in promiscuous mode\" option is turned\n" -" off in the \"Capture Options\" dialog box, and Tethereal will try to put\n" -" the interface on which it's capturing into promiscuous mode unless the\n" -" -p option was specified. However, some network interfaces don't\n" -" support promiscuous mode, and some OSes might not allow interfaces to\n" -" be put into promiscuous mode.\n" -"\n" -" If the interface is not running in promiscuous mode, it won't see any\n" -" traffic that isn't intended to be seen by your machine. It will see\n" -" broadcast packets, and multicast packets sent to a multicast MAC\n" -" address the interface is set up to receive.\n" -"\n" -" You should ask the vendor of your network interface whether it\n" -" supports promiscuous mode. If it does, you should ask whoever supplied\n" -" the driver for the interface (the vendor, or the supplier of the OS\n" -" you're running on your machine) whether it supports promiscuous mode\n" -" with that network interface.\n" -"\n" -" In the case of token ring interfaces, the drivers for some of them, on\n" -" Windows, may require you to enable promiscuous mode in order to\n" -" capture in promiscuous mode. 
Ask the vendor of the card how to do\n" -" this, or see, for example, this information on promiscuous mode on\n" -" some Madge token ring adapters (note that those cards can have\n" -" promiscuous mode disabled permanently, in which case you can't enable\n" -" it).\n" -"\n" -" In the case of wireless LAN interfaces, it appears that, when those\n" -" interfaces are promiscuously sniffing, they're running in a\n" -" significantly different mode from the mode that they run in when\n" -" they're just acting as network interfaces (to the extent that it would\n" -" be a significant effor for those drivers to support for promiscuously\n" -" sniffing and acting as regular network interfaces at the same time),\n" -" so it may be that Windows drivers for those interfaces don't support\n" -" promiscuous mode.\n" -"\n" -" Q 5.2: I can't see any TCP packets other than packets to and from my\n" -" machine, even though another analyzer on the network sees those\n" -" packets.\n" -"\n" -" A: You're probably not seeing any packets other than unicast packets\n" -" to or from your machine, and broadcast and multicast packets; a switch\n" -" will normally send to a port only unicast traffic sent to the MAC\n" -" address for the interface on that port, and broadcast and multicast\n" -" traffic - it won't send to that port unicast traffic sent to a MAC\n" -" address for some other interface - and a network interface not in\n" -" promiscuous mode will receive only unicast traffic sent to the MAC\n" -" address for that interface, broadcast traffic, and multicast traffic\n" -" sent to a multicast MAC address the interface is set up to receive.\n" -"\n" -" TCP doesn't use broadcast or multicast, so you will only see your own\n" -" TCP traffic, but UDP services may use broadcast or multicast so you'll\n" -" see some UDP traffic - however, this is not a problem with TCP\n" -" traffic, it's a problem with unicast traffic, as you also won't see\n" -" all UDP traffic between other machines.\n" 
-"\n" -" I.e., this is probably the same question as this earlier one; see the\n" -" response to that question.\n" -"\n" -" Q 5.3: I'm only seeing ARP packets when I try to capture traffic.\n" -"\n" -" A: You're probably on a switched network, and running Ethereal on a\n" -" machine that's not sending traffic to the switch and not being sent\n" -" any traffic from other machines on the switch. ARP packets are often\n" -" broadcast packets, which are sent to all switch ports.\n" -"\n" -" I.e., this is probably the same question as this earlier one; see the\n" -" response to that question.\n" -"\n" -" Q 5.4: How do I put an interface into promiscuous mode?\n" -"\n" -" A: By not disabling promiscuous mode when running Ethereal or\n" -" Tethereal.\n" -"\n" -" Note, however, that:\n" -" * the form of promiscuous mode that libpcap (the library that\n" -" programs such as tcpdump, Ethereal, etc. use to do packet capture)\n" -" turns on will not necessarily be shown if you run ifconfig on the\n" -" interface on a UNIX system;\n" -" * some network interfaces might not support promiscuous mode, and\n" -" some drivers might not allow promiscuous mode to be turned on -\n" -" see this earlier question for more information on that;\n" -" * the fact that you're not seeing any traffic, or are only seeing\n" -" broadcast traffic, or aren't seeing any non-broadcast traffic\n" -" other than traffic to or from the machine running Ethereal, does\n" -" not mean that promiscuous mode isn't on - see this earlier\n" -" question for more information on that.\n" -"\n" -" I.e., this is probably the same question as this earlier one; see the\n" -" response to that question.\n" -"\n" -" Q 5.5: I can set a display filter just fine, but capture filters don't\n" -" work.\n" -"\n" -" A: Capture filters currently use a different syntax than display\n" -" filters. 
Here's the corresponding section from the ethereal(1) man\n" -" page:\n" -"\n" -" \"Display filters in Ethereal are very powerful; more fields are\n" -" filterable in Ethereal than in other protocol analyzers, and the\n" -" syntax you can use to create your filters is richer. As Ethereal\n" -" progresses, expect more and more protocol fields to be allowed in\n" -" display filters.\n" -"\n" -" Packet capturing is performed with the pcap library. The capture\n" -" filter syntax follows the rules of the pcap library. This syntax is\n" -" different from the display filter syntax.\"\n" -"\n" -" The capture filter syntax used by libpcap can be found in the\n" -" tcpdump(8) man page.\n" -"\n" -" Q 5.6: I'm entering valid capture filters, but I still get \"parse\n" -" error\" errors.\n" -"\n" -" A: There is a bug in some versions of libpcap/WinPcap that cause it to\n" -" report parse errors even for valid expressions if a previous filter\n" -" expression was invalid and got a parse error.\n" -"\n" -" Try exiting and restarting Ethereal; if you are using a version of\n" -" libpcap/WinPcap with this bug, this will \"erase\" its memory of the\n" -" previous parse error. If the capture filter that got the \"parse error\"\n" -" now works, the earlier error with that filter was probably due to this\n" -" bug.\n" -"\n" -" The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of\n" -" libpcap have this bug, but 0.6[.x] and later versions don't.\n" -"\n" -" Versions of WinPcap prior to 2.3 are based on pre-0.6 versions of\n" -" libpcap, and have this bug; WinPcap 2.3 is based on libpcap 0.6.2, and\n" -" doesn't have this bug.\n" -"\n" -" If you are running Ethereal on a UNIX-flavored platform, run \"ethereal\n" -" -v\", or select \"About Ethereal...\" from the \"Help\" menu in Ethereal,\n" -" to see what version of libpcap it's using. 
If it's not 0.6 or later,\n" -" you will need either to upgrade your OS to get a later version of\n" -" libpcap, or will need to build and install a later version of libpcap\n" -" from the tcpdump.org Web site and then recompile Ethereal from source\n" -" with that later version of libpcap.\n" -"\n" -" If you are running Ethereal on Windows with a pre-2.3 version of\n" -" WinPcap, you will need to un-install WinPcap and then download and\n" -" install WinPcap 2.3.\n" -"\n" -" Q 5.7: I saved a filter and tried to use its name to filter the\n" -" display, but I got an \"Unexpected end of filter string\" error.\n" -"\n" -" A: You cannot use the name of a saved display filter as a filter. To\n" -" filter the display, you can enter a display filter expression - not\n" -" the name of a saved display filter - in the \"Filter:\" box at the\n" -" bottom of the display, and type the key or press the \"Apply\" button\n" -" (that does not require you to have a saved filter), or, if you want to\n" -" use a saved filter, you can press the \"Filter:\" button, select the\n" -" filter in the dialog box that pops up, and press the \"OK\" button.\n" -"\n" -" Q 5.8: Why am I seeing lots of packets with incorrect TCP checksums?\n" -"\n" -" A: If the packets that have incorrect TCP checksums are all being sent\n" -" by the machine on which Ethereal is running, this is probably because\n" -" the network interface on which you're capturing does TCP checksum\n" -" offloading. That means that the TCP checksum is added to the packet by\n" -" the network interface, not by the OS's TCP/IP stack; when capturing on\n" -" an interface, packets being sent by the host on which you're capturing\n" -" are directly handed to the capture interface by the OS, which means\n" -" that they are handed to the capture interface without a TCP checksum\n" -" being added to them.\n" -"\n" -" The only way to prevent this from happening would be to disable TCP\n" -" checksum offloading, but\n" -" 1. 
that might not even be possible on some OSes;\n" -" 2. that could reduce networking performance significantly.\n" -"\n" -" However, you can disable the check that Ethereal does of the TCP\n" -" checksum, so that it won't report any packets as having TCP checksum\n" -" errors, and so that it won't refuse to do TCP reassembly due to a\n" -" packet having an incorrect TCP checksum. That can be set as an\n" -" Ethereal preference by selecting \"Preferences\" from the \"Edit\" menu,\n" -" opening up the \"Protocols\" list in the left-hand pane of the\n" -" \"Preferences\" dialog box, selecting \"TCP\", from that list, turning off\n" -" the \"Check the validity of the TCP checksum when possible\" option,\n" -" clicking \"Save\" if you want to save that setting in your preference\n" -" file, and clicking \"OK\".\n" -"\n" -" It can also be set on the Ethereal or Tethereal command line with a -o\n" -" tcp.check_checksum:false command-line flag, or manually set in your\n" -" preferences file by adding a tcp.check_checksum:false line.\n" -"\n" -" Q 5.9: I've just installed Ethereal, and the traffic on my local LAN\n" -" is boring.\n" -"\n" -" A: We have a collection of strange and exotic sample capture files at\n" -" http://www.ethereal.com/sample/\n" -"\n" -" Q 5.10: When I run Ethereal on Solaris 8, it dies with a Bus Error\n" -" when I start it.\n" -"\n" -" A: Some versions of the GTK+ library from www.sunfreeware.org appear\n" -" to be buggy, causing Ethereal to drop core with a Bus Error.\n" -" Un-install those packages, and try getting the 1.2.10 version from\n" -" that site, or the version from The Written Word, or the version from\n" -" Sun's GNOME distribution, or the version from the supplemental\n" -" software CD that comes with the Solaris media kit, or build it from\n" -" source from the GTK Web site. Update the GLib library to the 1.2.10\n" -" version, from the same source, as well. 
(If you get the 1.2.10\n" -" versions from www.sunfreeware.org, and the problem persists,\n" -" un-install them and try installing one of the other versions\n" -" mentioned.)\n" -"\n" -" Similar problems may exist with older versions of GTK+ for earlier\n" -" versions of Solaris.\n" -"\n" -" Q 5.11: When I run Ethereal on Windows NT, it dies with a Dr. Watson\n" -" error, reporting an \"Integer division by zero\" exception, when I start\n" -" it.\n" -"\n" -" A: In at least some case, this appears to be due to using the default\n" -" VGA driver; if that's not the correct driver for your video card, try\n" -" running the correct driver for your video card.\n" -"\n" -" Q 5.12: When I try to run Ethereal, it complains about\n" -" sprint_realloc_objid being undefined.\n" -"\n" -" A: Ethereal can only be linked with version 4.2.2 or later of UCD\n" -" SNMP. Your version of Ethereal was dynamically linked with such a\n" -" version of UCD SNMP; however, you have an older version of UCD SNMP\n" -" installed, which means that when Ethereal is run, it tries to link to\n" -" the older version, and fails. 
You will have to replace that version of\n" -" UCD SNMP with version 4.2.2 or a later version.\n" -"\n" -" Q 5.13: I'm running Ethereal on Linux; why do my time stamps have only\n" -" 100ms resolution, rather than 1us resolution?\n" -"\n" -" A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap\n" -" get them from the OS kernel, so Ethereal - and any other program using\n" -" libpcap, such as tcpdump - is at the mercy of the time stamping code\n" -" in the OS for time stamps.\n" -"\n" -" At least on x86-based machines, Linux can get high-resolution time\n" -" stamps on newer processors with the Time Stamp Counter (TSC) register;\n" -" for example, Intel x86 processors, starting with the Pentium Pro, and\n" -" including all x86 processors since then, have had a TSC, and other\n" -" vendors probably added the TSC at some point to their families of x86\n" -" processors.\n" -"\n" -" The Linux kernel must be configured with the CONFIG_X86_TSC option\n" -" enabled in order to use the TSC. Make sure this option is enabled in\n" -" your kernel.\n" -"\n" -" In addition, some Linux distributions may have bugs in their versions\n" -" of the kernel that cause packets not to be given high-resolution time\n" -" stamps even if the TSC is enabled. See, for example, bug 61111 for Red\n" -" Hat Linux 7.2. If your distribution has a bug such as this, you may\n" -" have to run a standard kernel from kernel.org in order to get\n" -" high-resolution time stamps.\n" -"\n" -" Q 5.14: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n" -" why are the time stamps on packets wrong? \n" -"\n" -" A: This is due to a bug in WinPcap. The bug should be fixed in WinPcap\n" -" 3.0.\n" -"\n" -" Q 5.15: When I try to run Ethereal on Windows, it fails to run because\n" -" it can't find packet.dll.\n" -"\n" -" A: In older versions of Ethereal, there were two binary distributions\n" -" available for Windows, one that supported capturing packets, and one\n" -" that didn't. 
The version that supported capturing packets required\n" -" that you install the WinPcap driver; if you didn't install it, it\n" -" would fail to run because it couldn't find packet.dll.\n" -"\n" -" The current version of Ethereal has only one binary distribution for\n" -" Windows; that version will check whether WinPcap is installed and, if\n" -" it's not, will disable support for packet capture.\n" -"\n" -" The WinPcap driver and libraries can be downloaded from the WinPcap\n" -" Web site, the local mirror of the WinPcap Web site, or the\n" -" Wiretapped.net mirror of the WinPcap site.\n" -"\n" -" Q 5.16: I'm running Ethereal on Windows; why does some network\n" -" interface on my machine not show up in the list of interfaces in the\n" -" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n" -" and/or why does Ethereal give me an error if I try to capture on that\n" -" interface? \n" -"\n" -" A: If you are running Ethereal on Windows NT 4.0, Windows 2000,\n" -" Windows XP, or Windows Server, and this is the first time you have run\n" -" a WinPcap-based program (such as Ethereal, or Tethereal, or WinDump,\n" -" or Analyzer, or...) 
since the machine was rebooted, you need to run\n" -" that program from an account with administrator privileges; once you\n" -" have run such a program, you will not need administrator privileges to\n" -" run any such programs until you reboot.\n" -"\n" -" If you are running on Windows 95/98/Me, or if you are running on\n" -" Windows NT 4.0/2000/XP/Server and have administrator privileges or a\n" -" WinPcap-based program has been run with those privileges since the\n" -" machine rebooted, then note that Ethereal relies on the WinPcap\n" -" library, on the WinPcap device driver, and on the facilities that come\n" -" with the OS on which it's running in order to do captures.\n" -"\n" -" Therefore, if the OS, the WinPcap library, or the WinPcap driver don't\n" -" support capturing on a particular network interface device, Ethereal\n" -" won't be able to capture on that device.\n" -"\n" -" Note that:\n" -" * 2.02 and earlier versions of the WinPcap driver and library that\n" -" Ethereal uses for packet capture didn't support Token Ring\n" -" interfaces; the current version, 2.3, does support Token Ring, and\n" -" the current version of Ethereal works with (and, in fact,\n" -" requires) WinPcap 2.1 or later.\n" -" If you are having problems capturing on Token Ring interfaces, and\n" -" you have WinPcap 2.02 or an earlier version of WinPcap installed,\n" -" you should uninstall WinPcap, download and install the current\n" -" version of WinPcap, and then install the latest version of\n" -" Ethereal.\n" -" * On Windows 95, 98, or Me, sometimes more than one interface will\n" -" be given the same name; if that is the case, you will only be able\n" -" to capture on one of those interfaces - it's not clear to which\n" -" one the name, when used in a WinPcap-based application, will\n" -" refer. 
For example, if you have a PPP serial interface and a VPN\n" -" interface, they might show up with the same name, for example\n" -" \"ppp-mac\", and if you try to capture on \"ppp-mac\", it might not\n" -" capture on the interface you're currently using. In that case, you\n" -" might, for example, have to remove the VPN interface from the\n" -" system in order to capture on the PPP serial interface.\n" -" * WinPcap doesn't support PPP WAN interfaces on Windows\n" -" NT/2000/XP/Server, so Ethereal cannot capture packets on those\n" -" devices when running on Windows NT/2000/XP/Server. Regular dial-up\n" -" lines, ISDN lines, and various other lines such as T1/E1 lines are\n" -" all PPP interfaces. This may cause the interface not to show up on\n" -" the list of interfaces in the \"Capture Options\" dialog.\n" -" * WinPcap prior to 3.0 does not support multiprocessor machines\n" -" (note that machines with a single multi-threaded processor, such\n" -" as Intel's new multi-threaded x86 processors, are multiprocessor\n" -" machines as far as the OS and WinPcap are concerned), and recent\n" -" 2.x versions of WinPcap refuse to operate if they detect that\n" -" they're running on a multiprocessor machine, which means that they\n" -" may not show any network interfaces. 
You will need to use WinPcap\n" -" 3.0 to capture on a multiprocessor machine.\n" -"\n" -" If an interface doesn't show up in the list of interfaces in the\n" -" \"Interface:\" field, and you know the name of the interface, try\n" -" entering that name in the \"Interface:\" field and capturing on that\n" -" device.\n" -"\n" -" If the attempt to capture on it succeeds, the interface is somehow not\n" -" being reported by the mechanism Ethereal uses to get a list of\n" -" interfaces; please report this to ethereal-dev@ethereal.com giving\n" -" full details of the problem, including\n" -" * the operating system you're using, and the version of that\n" -" operating system;\n" -" * the type of network device you're using.\n" -"\n" -" If you are having trouble capturing on a particular network interface,\n" -" and you've made sure that (on platforms that require it) you've\n" -" arranged that packet capture support is present, as per the above,\n" -" first try capturing on that device with WinDump; see the WinDump Web\n" -" site or the local mirror of the WinDump Web site for information on\n" -" using WinDump.\n" -"\n" -" If you can capture on the interface with WinDump, send mail to\n" -" ethereal-users@ethereal.com giving full details of the problem,\n" -" including\n" -" * the operating system you're using, and the version of that\n" -" operating system;\n" -" * the type of network device you're using;\n" -" * the error message you get from Ethereal.\n" -"\n" -" If you cannot capture on the interface with WinDump, this is almost\n" -" certainly a problem with one or more of:\n" -, - -" * the operating system you're using;\n" -" * the device driver for the interface you're using;\n" -" * the WinPcap library and/or the WinPcap device driver;\n" -"\n" -" so first check the WinPcap FAQ, the local mirror of that FAQ, or the\n" -" Wiretapped.net mirror of that FAQ, to see if your problem is mentioned\n" -" there. 
If not, then see the WinPcap support page (or the local mirror\n" -" of that page) - check the \"Submitting bugs\" section.\n" -"\n" -" You may also want to ask the ethereal-users@ethereal.com and the\n" -" winpcap-users@winpcap.polito.it mailing lists to see if anybody\n" -" happens to know about the problem and know a workaround or fix for the\n" -" problem. (Note that you will have to subscribe to that list in order\n" -" to be allowed to mail to it; see the WinPcap support page, or the\n" -" local mirror of that page, for information on the mailing list.) In\n" -" your mail, please give full details of the problem, as described\n" -" above, and also indicate that the problem occurs with WinDump, not\n" -" just with Ethereal.\n" -"\n" -" Q 5.17: I'm running on a UNIX-flavored OS; why does some network\n" -" interface on my machine not show up in the list of interfaces in the\n" -" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n" -" and/or why does Ethereal give me an error if I try to capture on that\n" -" interface? \n" -"\n" -" A: You may need to run Ethereal from an account with sufficient\n" -" privileges to capture packets, such as the super-user account. 
Only\n" -" those interfaces that Ethereal can open for capturing show up in that\n" -" list; if you don't have sufficient privileges to capture on any\n" -" interfaces, no interfaces will show up in the list.\n" -"\n" -" If you are running Ethereal from an account with sufficient\n" -" privileges, then note that Ethereal relies on the libpcap library, and\n" -" on the facilities that come with the OS on which it's running in order\n" -" to do captures.\n" -"\n" -" Therefore, if the OS or the libpcap library don't support capturing on\n" -" a particular network interface device, Ethereal won't be able to\n" -" capture on that device.\n" -"\n" -" On Linux, note that you need to have \"packet socket\" support enabled\n" -" in your kernel; see the \"Packet socket\" item in the Linux\n" -" \"Configure.help\" file.\n" -"\n" -" On BSD, note that you need to have BPF support enabled in your kernel;\n" -" see the documentation for your system for information on how to enable\n" -" BPF support (if it's not enabled by default on your system).\n" -"\n" -" On DEC OSF/1, Digital UNIX, or Tru64 UNIX, note that you need to have\n" -" packet filtering support in your kernel; the doconfig command will\n" -" allow you to configure and build a new kernel with that option.\n" -"\n" -" On Solaris, note that libpcap 0.6.2 and earlier didn't support Token\n" -" Ring interfaces; the current version, 0.7.2, does support Token Ring,\n" -" and the current version of Ethereal works with libcap 0.7.2 and later.\n" -"\n" -" If an interface doesn't show up in the list of interfaces in the\n" -" \"Interface:\" field, and you know the name of the interface, try\n" -" entering that name in the \"Interface:\" field and capturing on that\n" -" device.\n" -"\n" -" If the attempt to capture on it succeeds, the interface is somehow not\n" -" being reported by the mechanism Ethereal uses to get a list of\n" -" interfaces; please report this to ethereal-dev@ethereal.com giving\n" -" full details of the 
problem, including\n" -" * the operating system you're using, and the version of that\n" -" operating system (for Linux, give both the version number of the\n" -" kernel and the name and version number of the distribution you're\n" -" using);\n" -" * the type of network device you're using.\n" -"\n" -" If you are having trouble capturing on a particular network interface,\n" -" and you've made sure that (on platforms that require it) you've\n" -" arranged that packet capture support is present, as per the above,\n" -" first try capturing on that device with tcpdump.\n" -"\n" -" If you can capture on the interface with tcpdump, send mail to\n" -" ethereal-users@ethereal.com giving full details of the problem,\n" -" including\n" -" * the operating system you're using, and the version of that\n" -" operating system (for Linux, give both the version number of the\n" -" kernel and the name and version number of the distribution you're\n" -" using);\n" -" * the type of network device you're using;\n" -" * the error message you get from Ethereal.\n" -"\n" -" If you cannot capture on the interface with tcpdump, this is almost\n" -" certainly a problem with one or more of:\n" -" * the operating system you're using;\n" -" * the device driver for the interface you're using;\n" -" * the libpcap library;\n" -"\n" -" so you should report the problem to the company or organization that\n" -" produces the OS (in the case of a Linux distribution, report the\n" -" problem to whoever produces the distribution).\n" -"\n" -" You may also want to ask the ethereal-users@ethereal.com and the\n" -" tcpdump-workers@tcpdump.org mailing lists to see if anybody happens to\n" -" know about the problem and know a workaround or fix for the problem.\n" -" In your mail, please give full details of the problem, as described\n" -" above, and also indicate that the problem occurs with tcpdump not just\n" -" with Ethereal.\n" -"\n" -" Q 5.18: I'm running Ethereal on Windows NT/2000/XP/Server; my 
machine\n" -" has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n" -" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n" -" packets be sent on or received from that network while I'm trying to\n" -" capture traffic on that interface?\n" -"\n" -" A: WinPcap doesn't support PPP WAN interfaces on Windows\n" -" NT/2000/XP/Server; one symptom that may be seen is that attempts to\n" -" capture in promiscuous mode on the interface cause the interface to be\n" -" incapable of sending or receiving packets. You can disable promiscuous\n" -" mode using the -p command-line flag or the item in the \"Capture\n" -" Preferences\" dialog box, but this may mean that outgoing packets, or\n" -" incoming packets, won't be seen in the capture.\n" -"\n" -" Q 5.19: I'm running Ethereal on Windows 95/98/Me, on a machine with\n" -" more than one network adapter of the same type; Ethereal shows all of\n" -" those adapters with the same name, but I can't use any of those\n" -" adapters other than the first one.\n" -"\n" -" A: Unfortunately, Windows 95/98/Me gives the same name to multiple\n" -" instances of the type of same network adapter. Therefore, WinPcap\n" -" cannot distinguish between them, so a WinPcap-based application can\n" -" capture only on the first such interface; Ethereal is a\n" -" libpcap/WinPcap-based application.\n" -"\n" -" Q 5.20: I'm running Ethereal on Windows, and I'm not seeing any\n" -" traffic being sent by the machine running Ethereal.\n" -"\n" -" A: If you are running some form of VPN client software, it might be\n" -" causing this problem; people have seen this problem when they have\n" -" Check Point's VPN software installed on their machine. 
If that's the\n" -" cause of the problem, you will have to remove the VPN software in\n" -" order to have Ethereal (or any other application using WinPcap) see\n" -" outgoing packets; unfortunately, neither we nor the WinPcap developers\n" -" know any way to make WinPcap and the VPN software work well together.\n" -"\n" -" Also, some drivers for Windows (especially some wireless network\n" -" interface drivers) apparently do not, when running in promiscuous\n" -" mode, arrange that outgoing packets are delivered to the software that\n" -" requested that the interface run promiscuously; try turning\n" -" promiscuous mode off.\n" -"\n" -" Q 5.21: I'm trying to capture traffic but I'm not seeing any.\n" -"\n" -" A: Is the machine running Ethereal sending out any traffic on the\n" -" network interface on which you're capturing, or receiving any traffic\n" -" on that network, or is there any broadcast traffic on the network or\n" -" multicast traffic to a multicast group to which the machine running\n" -" Ethereal belongs?\n" -"\n" -" If not, this may just be a problem with promiscuous sniffing, either\n" -" due to running on a switched network or a dual-speed hub, or due to\n" -" problems with the interface not supporting promiscuous mode; see the\n" -" response to this earlier question.\n" -"\n" -" Otherwise, on Windows, see the response to this question and, on a\n" -" UNIX-flavored OS, see the response to this question.\n" -"\n" -" Q 5.22: I have an XXX network card on my machine; if I try to capture\n" -" on it, my machine crashes or resets itself. 
\n" -"\n" -" A: This is almost certainly a problem with one or more of:\n" -" * the operating system you're using;\n" -" * the device driver for the interface you're using;\n" -" * the libpcap/WinPcap library and, if this is Windows, the WinPcap\n" -" device driver;\n" -"\n" -" so:\n" -" * if you are using Windows, see the WinPcap support page (or the\n" -" local mirror of that page) - check the \"Submitting bugs\" section;\n" -" * if you are using some Linux distribution, some version of BSD, or\n" -" some other UNIX-flavored OS, you should report the problem to the\n" -" company or organization that produces the OS (in the case of a\n" -" Linux distribution, report the problem to whoever produces the\n" -" distribution).\n" -"\n" -" Q 5.23: My machine crashes or resets itself when I select \"Start\" from\n" -" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n" -"\n" -" A: Both of those operations cause Ethereal to try to build a list of\n" -" the interfaces that it can open; it does so by getting a list of\n" -" interfaces and trying to open them. There is probably an OS, driver,\n" -" or, for Windows, WinPcap bug that causes the system to crash when this\n" -" happens; see the previous question.\n" -"\n" -" Q 5.24: Does Ethereal work on Windows ME? \n" -"\n" -" A: Yes, but if you want to capture packets, you will need to install\n" -" the latest version of WinPcap, as 2.02 and earlier versions of WinPcap\n" -" didn't support Windows ME. You should also install the latest version\n" -" of Ethereal as well.\n" -"\n" -" Q 5.25: Does Ethereal work on Windows XP? \n" -"\n" -" A: Yes, but if you want to capture packets, you will need to install\n" -" the latest version of WinPcap, as 2.2 and earlier versions of WinPcap\n" -" didn't support Windows XP.\n" -"\n" -" Q 5.26: Why doesn't Ethereal correctly identify RTP packets? 
It shows\n" -" them only as UDP.\n" -"\n" -" A: Ethereal can identify a UDP datagram as containing a packet of a\n" -" particular protocol running atop UDP only if\n" -" 1. The protocol in question has a particular standard port number,\n" -" and the UDP source or destination port number is that port\n" -" 2. Packets of that protocol can be identified by looking for a\n" -" \"signature\" of some type in the packet - i.e., some data that, if\n" -" Ethereal finds it in some particular part of a packet, means that\n" -" the packet is almost certainly a packet of that type.\n" -" 3. Some other traffic earlier in the capture indicated that, for\n" -" example, UDP traffic between two particular addresses and ports\n" -" will be RTP traffic.\n" -"\n" -" RTP doesn't have a standard port number, so 1) doesn't work; it\n" -" doesn't, as far as I know, have any \"signature\", so 2) doesn't work.\n" -"\n" -" That leaves 3). If there's RTSP traffic that sets up an RTP session,\n" -" then, at least in some cases, the RTSP dissector will set things up so\n" -" that subsequent RTP traffic will be identified. Currently, that's the\n" -" only place we do that; there may be other places.\n" -"\n" -" However, there will always be places where Ethereal is simply\n" -" incapable of deducing that a given UDP flow is RTP; a mechanism would\n" -" be needed to allow the user to specify that a given conversation\n" -" should be treated as RTP. 
As of Ethereal 0.8.16, such a mechanism\n" -" exists; if you select a UDP or TCP packet, the right mouse button menu\n" -" will have a \"Decode As...\" menu item, which will pop up a dialog box\n" -" letting you specify that the source port, the destination port, or\n" -" both the source and destination ports of the packet should be\n" -" dissected as some particular protocol.\n" -"\n" -" Q 5.27: Why doesn't Ethereal show Yahoo Messenger packets in captures\n" -" that contain Yahoo Messenger traffic?\n" -"\n" -" A: Ethereal only recognizes as Yahoo Messenger traffic packets to or\n" -" from TCP port 3050 that begin with \"YPNS\", \"YHOO\", or \"YMSG\". TCP\n" -" segments that start with the middle of a Yahoo Messenger packet that\n" -" takes more than one TCP segment will not be recognized as Yahoo\n" -" Messenger packets (even if the TCP segment also contains the beginning\n" -" of another Yahoo Messenger packet).\n" -"\n" -" Q 5.28: Why do I get the error \n" -"\n" -" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n" -" Windows.\n" -" aborting....\n" -"\n" -" when I try to run Ethereal on Windows?\n" -"\n" -" A: Ethereal is built using the GTK+ toolkit, which supports most\n" -" UNIX-flavored OSes, and also supports Windows.\n" -"\n" -" Windows versions of Ethereal before 0.9.14 were built with an older\n" -" version of that toolkit, which didn't support 256-color mode on\n" -" Windows - it required HiColor (16-bit colors) or more.\n" -"\n" -" Windows versions of Ethereal 0.9.14 and later are built with a version\n" -" of that toolkit that supports 256-color mode; upgrade to the current\n" -" version of Ethereal if you want to run on a display in 256-color mode.\n" -"\n" -" Q 5.29: When I capture on Windows in promiscuous mode, I can see\n" -" packets other than those sent to or from my machine; however, those\n" -" packets show up with a \"Short Frame\" indication, unlike packets to or\n" -" from my machine. 
What should I do to arrange that I see those packets\n" -" in their entirety? \n" -"\n" -" A: In at least some cases, this appears to be the result of PGPnet\n" -" running on the network interface on which you're capturing; turn it\n" -" off on that interface.\n" -"\n" -" Q 5.30: How can I capture raw 802.11 packets, including non-data\n" -" (management, beacon) packets? \n" -"\n" -" A: That would require that your 802.11 interface run in the mode\n" -" called \"monitor mode\" or \"RFMON mode\". Not all operating systems\n" -" support that and, even on operating systems that do support it, not\n" -" all drivers, and thus not all cards, support it.\n" -"\n" -" Cisco Aironet cards:\n" -"\n" -" The only platforms that allow Ethereal to capture raw 802.11 packets\n" -" on Cisco Aironet cards are:\n" -" * Linux, with a 2.4.6 or later kernel;\n" -" * FreeBSD 4.6 or later, as the driver in FreeBSD 4.5 has bugs that\n" -" cause packets not to be captured correctly, and the driver in\n" -" releases prior to 4.5 didn't support capturing raw packets.\n" -"\n" -" On FreeBSD, the ancontrol utility must be used; do not enable the full\n" -" Aironet header via BPF, as Ethereal doesn't currently support that.\n" -"\n" -" On Linux with the driver in the 2.4.6 through 2.4.19 kernel, you will\n" -" need to do\n" -"\n" -"echo \"Mode: rfmon\" >/proc/driver/aironet/ethN/Config\n" -"\n" -" if your Aironet card is ethN. 
To capture traffic from any BSS, do\n" -"\n" -"echo \"Mode: y\" >/proc/driver/aironet/ethN/Config\n" -"\n" -" and to return to the normal mode, do\n" -"\n" -"echo \"Mode: ess\" >/proc/driver/aironet/ethN/Config\n" -"\n" -" On Linux with the driver in the 2.4.20 kernel, or with the CVS drivers\n" -" from the airo-linux SourceForge site, you will have to capture on the\n" -" wifiN interface if your Aironet card is ethN, after running the\n" -" commands listed above.\n" -"\n" -" In all of those cases, Ethereal would have to be linked with libpcap\n" -" 0.7.1 or later; this means that most Ethereal binary packages won't\n" -" work unless they're statically linked with libpcap 0.7.1 or later, or\n" -" they're dynamically linked with libpcap and your system has a libpcap\n" -" 0.7.1 or later shared library installed (note that libpcap source\n" -" package from tcpdump.org does not build shared libraries). Some binary\n" -" packaging mechanisms might make it difficult to install Ethereal\n" -" binary packages built to depend on older libpcap binary packages if\n" -" you have a newer libpcap binary package installed; the installer\n" -" programs for those packaging mechanisms might support disabling\n" -" dependency checking so that they will install Ethereal even though a\n" -" newer version of libpcap is installed.\n" -"\n" -" Cards using the Prism II chip set (see this page of Linux 802.11\n" -" information for details on wireless cards, including information on\n" -" the chips they use):\n" -"\n" -" You can capture raw 802.11 packets with Prism II cards on Linux\n" -" systems with the 0.1.14-pre6 or later version of the linux-wlan-ng\n" -" drivers (see the linux-wlan page, and the linux-wlan-ng tarball\n" -" directory).\n" -"\n" -" Those require either Solomon Peachy's patch to libpcap 0.7.1 (see his\n" -" libpcap-0.7.1-prism.diff file, or his RPMs of that version of\n" -" libpcap), or the current CVS version of libpcap, which includes his\n" -" patch (download it from 
the \"Current Tar files\" section of the\n" -" tcpdump.org Web site). If you apply his patches to libpcap 0.7.1 and\n" -" rebuild and install libpcap, or if you build and install the current\n" -" CVS version of libpcap, you would have to rebuild Ethereal from\n" -" source, linking it with that new version of libpcap; an Ethereal\n" -" binary package would not work. Ethereal binary packages might work if\n" -" you install the libpcap-0.7.1-1prism.i386.rpm RPM, as it might install\n" -" a libpcap shared library in place of the one on your system.\n" -"\n" -" You may have to run a command to put the interface into monitor mode,\n" -" or to change other interface settings, and you might have to capture\n" -" on a wlanN interface rather than a ethN interface, in order to capture\n" -" raw 802.11 packets. The interface settings are available in your\n" -" wlan-ng.conf file. See the wlan-ng FAQ for additional information.\n" -"\n" -" On other platforms, capturing raw 802.11 packets on Prism II cards is\n" -" not currently supported.\n" -"\n" -" Orinoco Silver and Gold cards:\n" -"\n" -" On Linux systems, there are patches on the Orinoco Monitor Mode Patch\n" -" Page that should allow you to do capture raw 802.11 packets. You will\n" -" have to determine which version of the driver you have, and select the\n" -" appropriate patch.\n" -"\n" -" Note that the page indicates that not all versions of the Orinoco\n" -" firmware support this patch. It says, for some versions of the patch,\n" -" \"This patch should allow monitor mode with v8.10 firmware (untested w/\n" -" 8.42);\" if you have version 8.10 or later firmware on your Orinoco\n" -" cards, you might have to use those patches, with the corresponding\n" -" versions of the Orinoco driver, in order to run in monitor mode.\n" -"\n" -" That patch is written for the drivers included with the pcmcia-cs\n" -" drivers, but works equally well for the Orinoco drivers provided with\n" -" Linux kernels up to 2.4.20. 
To apply a patch to your kernel drivers,\n" -" simply copy the orinoco-09b-patch.diff file to the\n" -" /usr/src/linux/drivers/net directory and patch according to the\n" -" directions on the Orinoco Monitor Mode Patch Page. You can double-\n" -" check the version of the Orinoco drivers that shipped with your kernel\n" -" by examining the first few lines of the orinoco.c file.\n" -"\n" -" Te Orinoco patches require either Solomon Peachy's patch to libpcap\n" -" 0.7.1 (see his libpcap-0.7.1-prism.diff file, or his RPMs of that\n" -" version of libpcap), or the current CVS version of libpcap, which\n" -" includes his patch (download it from the \"Current Tar files\" section\n" -" of the tcpdump.org Web site). If you apply his patches to libpcap\n" -" 0.7.1 and rebuild and install libpcap, or if you build and install the\n" -" current CVS version of libpcap, you would have to rebuild Ethereal\n" -" from source, linking it with that new version of libpcap; an Ethereal\n" -" binary package would not work. Ethereal binary packages might work if\n" -" you install the libpcap-0.7.1-1prism.i386.rpm RPM, as it might install\n" -" a libpcap shared library in place of the one on your system.\n" -"\n" -" On other platforms, capturing raw 802.11 packets on Orinoco cards is\n" -" not currently supported.\n" -"\n" -" Other 802.11 interfaces:\n" -"\n" -" With other 802.11 interfaces, no platform allows Ethereal to capture\n" -" raw 802.11 packets, as far as we know. If you know of other 802.11\n" -" interfaces that are supported (note that there are many \"Prism II\n" -" cards\", so your card might be a Prism II card), please let us know,\n" -" and include URLs for sites containing any necessary patches to add\n" -" this support.\n" -, - -"\n" -" On platforms that don't allow Ethereal to capture raw 802.11 packets,\n" -" the 802.11 network will appear like an Ethernet to Ethereal.\n" -"\n" -" Q 5.31: How can I capture packets with CRC errors? 
\n" -"\n" -" A: Ethereal can capture only the packets that the packet capture\n" -" library - libpcap on UNIX-flavored OSes, and the WinPcap port to\n" -" Windows of libpcap on Windows - can capture, and libpcap/WinPcap can\n" -" capture only the packets that the OS's raw packet capture mechanism\n" -" (or the WinPcap driver, and the underlying OS networking code and\n" -" network interface drivers, on Windows) will allow it to capture.\n" -"\n" -" Unless the OS can be configured to supply packets with errors such as\n" -" invalid CRCs to the raw packet capture mechanism, Ethereal - and other\n" -" programs that capture raw packets, such as tcpdump - cannot capture\n" -" those packets. You will have to determine whether your OS can be so\n" -" configured, configure it if possible, and make whatever changes to\n" -" libpcap and the packet capture program you're using are necessary to\n" -" support capturing those packets.\n" -"\n" -" Q 5.32: How can I capture entire frames, including the FCS? \n" -"\n" -" A: Ethereal can't capture any data that the packet capture library -\n" -" libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of\n" -" libpcap on Windows - can capture, and libpcap/WinPcap can capture only\n" -" the data that the OS's raw packet capture mechanism (or the WinPcap\n" -" driver, and the underlying OS networking code and network interface\n" -" drivers, on Windows) will allow it to capture.\n" -"\n" -" For any particular link-layer network type, unless the OS supplies the\n" -" FCS of a frame as part of the frame, or can be configured to supply\n" -" the FCS of a frame as part of the frame, Ethereal - and other programs\n" -" that capture raw packets, such as tcpdump - cannot capture the FCS of\n" -" a frame. 
You will have to determine whether your OS can be so\n" -" configured, configure it if possible, and make whatever changes to\n" -" libpcap and the packet capture program you're using are necessary to\n" -" support capturing the FCS of a frame. Most if not all OSes probably do\n" -" not support capturing the FCS of a frame on Ethernet, and probably do\n" -" not support it on most other link-layer types.\n" -"\n" -" Q 5.33: Ethereal hangs after I stop a capture. \n" -"\n" -" A: The most likely reason for this is that Ethereal is trying to look\n" -" up an IP address in the capture to convert it to a name (so that, for\n" -" example, it can display the name in the source address or destination\n" -" address columns), and that lookup process is taking a very long time.\n" -"\n" -" Ethereal calls a routine in the OS of the machine on which it's\n" -" running to convert of IP addresses to the corresponding names. That\n" -" routine probably does one or more of:\n" -" * a search of a system file listing IP addresses and names;\n" -" * a lookup using DNS;\n" -" * on UNIX systems, a lookup using NIS;\n" -" * on Windows systems, a NetBIOS-over-TCP query.\n" -"\n" -" If a DNS server that's used in an address lookup is not responding,\n" -" the lookup will fail, but will only fail after a timeout while the\n" -" system routine waits for a reply.\n" -"\n" -" In addition, on Windows systems, if the DNS lookup of the address\n" -" fails, either because the server isn't responding or because there are\n" -" no records in the DNS that could be used to map the address to a name,\n" -" a NetBIOS-over-TCP query will be made. That query involves sending a\n" -" message to the NetBIOS-over-TCP name service on that machine, asking\n" -" for the name and other information about the machine. 
If the machine\n" -" isn't running software that responds to those queries - for example,\n" -" many non-Windows machines wouldn't be running that software - the\n" -" lookup will only fail after a timeout. Those timeouts can cause the\n" -" lookup to take a long time.\n" -"\n" -" If you disable network address-to-name translation - for example, by\n" -" turning off the \"Enable network name resolution\" option in the \"Name\n" -" resolution\" options in the dialog box you get by selecting\n" -" \"Preferences\" from the \"Edit\" menu - the lookups of the address won't\n" -" be done, which may speed up the process of reading the capture file\n" -" after the capture is stopped. You can make that setting the default by\n" -" using the \"Save\" button in that dialog box; note that this will save\n" -" all your current preference settings.\n" -"\n" -" If Ethereal hangs when reading a capture even with network name\n" -" resolution turned off, there might, for example, be a bug in one of\n" -" Ethereal's dissectors for a protocol causing it to loop infinitely.\n" -" The bug should be reported to the Ethereal developers' mailing list at\n" -" ethereal-dev@ethereal.com.\n" -"\n" -" On UNIX-flavored OSes, please try to force Ethereal to dump core, by\n" -" sending it a SIGABRT signal (usually signal 6) with the kill command,\n" -" and then get a stack trace if you have a debugger installed. A stack\n" -" trace can be obtained by using your debugger (gdb in this example),\n" -" the Ethereal binary, and the resulting core file. Here's an example of\n" -" how to use the gdb command backtrace to do so.\n" -" $ gdb ethereal core\n" -" (gdb) backtrace\n" -" ..... 
prints the stack trace\n" -" (gdb) quit\n" -" $\n" -"\n" -" The core dump file may be named \"ethereal.core\" rather than \"core\" on\n" -" some platforms (e.g., BSD systems)\n" -"\n" -" Also, if at all possible, please send a copy of the capture file that\n" -" caused the problem; when capturing packets, Ethereal normally writes\n" -" captured packets to a temporary file, which will probably be in /tmp\n" -" or /var/tmp on UNIX-flavored OSes and \\TEMP on Windows, so the capture\n" -" file will probably be there. It will have a name beginning with ether,\n" -" with some mixture of letters and numbers after that. Please don't send\n" -" a trace file greater than 1 MB when compressed. If the trace file\n" -" contains sensitive information (e.g., passwords), then please do not\n" -" send it.\n" -"\n" -" Q 5.34: How can I search for, or filter, packets that have a\n" -" particular string anywhere in them? \n" -"\n" -" A: If you want to do this when capturing, you can't. That's a feature\n" -" that would be hard to implement in capture filters without changes to\n" -" the capture filter code, which, on many platforms, is in the OS kernel\n" -" and, on other platforms, is in the libpcap library.\n" -"\n" -" In releases prior to 0.9.14, you also can't search for, or filter,\n" -" packets containing a particular string even after you've captured\n" -" them.\n" -"\n" -" In 0.9.14, you can search for, but not filter, packets that have a\n" -" particular string; this has been added to the \"Find Frame\" dialog\n" -" (\"Find Frame\" under the \"Edit\" menu, or control-F).\n" -"\n" -"\n" -" Support can be found on the ethereal-users[AT]ethereal.com mailing\n" -" list. \n" -" For corrections/additions/suggestions for this page, please send email\n" -" to: ethereal-web[AT]ethereal.com\n" -" Last modified: Tue, August 19 2003.\n" -}; -#define FAQ_PARTS 5 -#define FAQ_SIZE 78651 diff --git a/Makefile.am b/Makefile.am index 3e24534d76..9722828454 100644 --- a/Makefile.am 
+++ b/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.674 2003/12/19 23:39:53 guy Exp $ +# $Id: Makefile.am,v 1.675 2003/12/21 04:25:57 jmayer Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@ethereal.com> @@ -408,6 +408,7 @@ DISSECTOR_SRC = \ packet-slimp3.c \ packet-sll.c \ packet-slowprotocols.c \ + packet-slsk.c \ packet-smb.c \ packet-smb-browse.c \ packet-smb-common.c \ @@ -1159,7 +1160,6 @@ MAINTAINERCLEANFILES = \ EXTRA_DIST = \ Ethereal.desktop \ FAQ \ - FAQ.include \ INSTALL.configure \ Makefile.nmake \ README.aix \ |
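Review bot: In the whole-file deletion of FAQ.include (@@ -1,1745 +0,0 @@), the removed file is the only visible definition of faq_part[], FAQ_PARTS and FAQ_SIZE, and nothing in this patch shows what supplies them afterwards. If the file is now generated at build time, the commit message should say so and name the rule that produces it; any source file that still includes FAQ.include will fail to compile from a clean checkout until that rule has run. The hard-coded "#define FAQ_SIZE 78651" has to match the string contents exactly, which is a good reason to generate the file rather than track it, but that reasoning belongs in the log.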
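Review bot: The DISSECTOR_SRC hunk (@@ -408,6 +408,7 @@) adds packet-slsk.c to the build, but the patch as shown touches only FAQ.include and Makefile.am, so the source file itself is not part of it. Please confirm packet-slsk.c was committed separately, otherwise make stops on a missing source. The addition is also unrelated to the FAQ.include removal and would be easier to review and revert as its own commit. Makefile.nmake is listed in EXTRA_DIST, so if the Windows build keeps its own dissector list it needs the same entry.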
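Review bot: In the EXTRA_DIST hunk (@@ -1159,7 +1160,6 @@), dropping FAQ.include means "make dist" tarballs no longer carry it, while FAQ stays listed. Anyone building from a tarball then depends on whatever regenerates FAQ.include (presumably from FAQ) being shipped and runnable on their platform; please confirm that the generator is itself distributed. If FAQ.include is now a build product it should also be covered by a clean target; the hunk context shows MAINTAINERCLEANFILES just above, but no such entry is visible in this patch.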